CVE-2020-28577
MEDIUMTrend Micro Apex One and OfficeScan XG SP1 - Unauthenticated Information Disclosure
Title source: llmDescription
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/000281949
Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/000281947
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-20-1376/
Scores
CVSS v3
5.3
EPSS
0.0038
EPSS Percentile
59.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
Status
published
Products (2)
trendmicro/apex_one
2019
trendmicro/officescan
xg sp1
Published
Dec 01, 2020
Tracked Since
Feb 18, 2026